Auditing detailed operations within VMware Cloud on AWS using the Activity Log API

All operations (UI or API) that occur within VMware Cloud on AWS (VMC), including but not limited to SDDC creation, deletion, updates, network configurations, user authorization/access, etc., are captured as part of the Activity Log in the VMC Console. Within the Activity Log, customers can view the type of operation, the time the operation occurred, the applicable SDDC, and the user who performed the operation, and all of these fields can be filtered further.

The UI is great for quickly looking up changes; however, for customers who require audit-level logging, this may not be sufficient. This was actually a question that I had received from a customer who was interested in getting more details but also a way to send this information back to their on-premises environment for auditing purposes. Luckily, the Activity Log actually stores a lot more information than what is shown in the UI, and all of this data is available through the VMC API.

All entries are scoped within a VMC Organization and you can use the following APIs to retrieve all activities or a specific activity given the VMC Task Id:

GET /orgs/{org}/tasks - List all tasks for organization

GET /orgs/{org}/tasks/{task} - Get task details

PowerCLI

If you are a PowerShell/PowerCLI consumer (which is now supported on all platforms including macOS and Linux), you can use the VMware.VMC PowerCLI module and the Get-VMCTask function. Below is a screenshot of the exact same task shown in the Activity Log UI, but as you can see, there are many more details, including any input parameters for a given request. In this example, I was creating a new Firewall Rule within the VMC Console and as you can see, the specific firewall configuration is fully captured.

DCLI

If PowerCLI is not for you, we also have a multi-platform CLI called Datacenter CLI (DCLI) that lets you easily interact with the VMC API, among other vSphere APIs provided by the vCenter Server Appliance (VCSA) and VAMI interfaces. To list all tasks, you simply run the following:

Note: Piping the output to python is not a requirement, but if you happen to be on a system that has the Python runtime, you can make use of the JSON formatting option that is built in to make the output more readable as shown in the screenshot below:

cURL

In addition to other VMC SDKs, REST clients or programming/scripting languages that support RESTful APIs, you can also simply access the VMC API using good ol' cURL. Below is a quick snippet which takes your refresh token and the SDDC Org ID and lists all tasks; the output will be exactly the same as the two examples above.

Lastly, if you prefer to be able to easily search and perform more complex queries without having to consume the VMC API, I know there is some work that is being done to enable the ability to forward all events to the Log Intelligence service, which many customers are starting to leverage for logging SaaS-based applications, and VMC is another great use for the solution.
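
For the on-premises auditing use case described earlier, the following added example (not part of the original post) takes the JSON task list returned by any of the three methods above and turns it into de-duplicated, time-ordered JSON lines that can be shipped to a log collector. The sample tasks are constructed, the input field names (id, task_type, status, user_name, resource_id, start_time, params) are assumptions based on the VMC Task schema, and the function names and output keys are hypothetical.

```python
import json
from datetime import datetime
# Constructed sample shaped like a GET /orgs/{org}/tasks response (not real data).
# Field names are assumed from the VMC Task schema; adjust to what your org returns.
SAMPLE_TASKS = json.loads("""[
 {"id": "t-3", "task_type": "EXAMPLE-FIREWALL-RULE-CREATE", "status": "FINISHED",
  "user_name": "admin@example.com", "resource_id": "sddc-1",
  "start_time": "2018-06-02T15:04:05.000Z",
  "params": {"rule": {"name": "allow-https", "action": "ALLOW"}}},
 {"id": "t-1", "task_type": "EXAMPLE-SDDC-CREATE", "status": "FINISHED",
  "user_name": "ops@example.com", "resource_id": "sddc-1",
  "start_time": "2018-06-01T09:00:00.000Z", "params": {"name": "prod"}},
 {"id": "t-3", "task_type": "EXAMPLE-FIREWALL-RULE-CREATE", "status": "FINISHED",
  "start_time": "2018-06-02T15:04:05.000Z", "params": {}},
 {"id": "t-4", "task_type": "EXAMPLE-USER-INVITE", "status": "FAILED",
  "user_name": "admin@example.com", "resource_id": "sddc-1"}
]""")

def parse_ts(value):
    """Parse an ISO 8601 timestamp; a trailing Z is treated as UTC."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def to_audit_records(tasks, since=None, seen_ids=()):
    """Return (records, rejected): new tasks flattened oldest first, plus entries
    lacking id or start_time, kept for review rather than silently dropped."""
    seen, keyed, rejected = set(seen_ids), [], []
    for task in tasks:
        if not task.get("id") or not task.get("start_time"):
            rejected.append(task)
            continue
        when = parse_ts(task["start_time"])
        if task["id"] in seen or (since is not None and when <= since):
            continue  # already exported in this or an earlier run
        seen.add(task["id"])
        keyed.append((when, task["id"], {
            "time": when.isoformat(), "task_id": task["id"],
            "operation": task.get("task_type"), "status": task.get("status"),
            "user": task.get("user_name"), "resource": task.get("resource_id"),
            # Request inputs are the extra detail the API returns; keep them verbatim.
            "params": task.get("params") or {}}))
    keyed.sort(key=lambda item: item[:2])
    return [record for _, _, record in keyed], rejected

def to_json_lines(records):
    """One JSON object per line, keys sorted, ready for a syslog or SIEM shipper."""
    return "\n".join(json.dumps(r, sort_keys=True) for r in records)

if __name__ == "__main__":
    print(to_json_lines(to_audit_records(SAMPLE_TASKS)[0]))
```

Persist the time of the last exported record and pass it as since on the next run so each poll of the API only emits new activity.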

Author

William Lam is a Staff Solutions Architect working in the VMware Cloud on AWS team within the Cloud Platform Business Unit (CPBU) at VMware. He focuses on Automation, Integration and Operation of the VMware Software Defined Datacenter (SDDC).